bird.makeup

watchTowr

@watchtowrcyber · Twitter · 2025-09-23 10:46 UTC

🚨 SolarWinds, the gift that keeps on giving: a new Web Help Desk patch bypass, CVE-2025-26399, enables unauthenticated RCE via deserialization. It’s a patch bypass of CVE-2024-28988/CVE-2024-28986 - previously exploited. Given SolarWinds’ past, in-the-wild exploitation is highly likely. Patch now. Need help assessing your exposure? http://watchTowr.com